Feb 05, 2018


Technical Guide

How To | Configure a Next-Generation Firewall

Introduction

Allied Telesis Next-Generation Firewalls (NGFWs) are the ideal integrated security platform for modern businesses. Next generation firewall and threat protection is combined with routing and switching, to provide an innovative high performance solution.

Our NGFWs have an integrated architecture built on the AlliedWare Plus™ OS, bringing its verified and superior operation to the security needs of today's networks. As well as Allied Telesis' advanced feature set, and powerful VPN connectivity options for remote network access, the NGFWs utilize best of breed security providers, for up-to-the-minute protection from all known threats.

What information will you find in this document?

This guide shows how to configure an NGFW using the Graphical User Interface (GUI).

The NGFW GUI provides a quick-start setup of the firewall, enabling the configuration of entities (Zones, Networks, and Hosts) and then creating firewall rules for traffic between these entities. Advanced firewall features such as App control and Web control, as well as threat management features such as Malware protection and Antivirus, can be enabled and configured for a comprehensive security solution.

The GUI also supports a DHCP server, some system tools, and a dashboard showing interface and firewall traffic, the top 10 apps, plus system and environmental information. The complete AlliedWare Plus feature-set can be configured using the NGFW's industry standard Command Line Interface (CLI), and the functionality available via the GUI will be increasing with subsequent releases.

alliedtelesis.com | C613-16192-00 REV A


Contents

Introduction (page 1)
Related documents (page 3)
Which products and software version does it apply to? (page 3)
What is NGFW? (page 4)
What are Entities? (page 4)
Zones, networks, and hosts (page 5)
Using Rules (page 6)
Configuring the NGFW (page 7)
Part 1: Configure a standard 3-zone network (page 7)
Part 2: Configure the NGFW for Update Manager (page 19)
Part 3: Configure NGFW license security features (page 22)
Part 4: Configure licensed Advanced Threat Protection (ATP) security features (page 27)
The Dashboard (page 33)


Related documents

You may also find the following AlliedWare Plus Feature Overviews useful:

NGFW (Next Generation Firewall)

Application Control

Web Control

Intrusion Prevention System

IP Reputation

Malware Protection

Antivirus

Which products and software version does it apply to?

This How To Note applies to the following Allied Telesis products:

AR3050S

AR4050S

It requires AlliedWare Plus software version 5.4.5-0.3.


What is NGFW?

A firewall, at its simplest level, controls traffic flow between a trusted network (such as a corporate LAN) and an untrusted or public network (such as the Internet). Previous generations of firewalls were port-based or used packet filtering. These traditional firewalls determined whether traffic is allowed or disallowed based on characteristics of the packets, including their destination and source IP addresses and TCP/UDP port numbers. However, traditional firewalls have failed to keep pace with the increased use of modern applications, and network security threats.

Allied Telesis NGFW uses a Deep Packet Inspection (DPI) engine that provides real-time, Layer 7 classification of network traffic. Rather than being limited to filtering packets based on protocols and ports, the firewall can determine the application associated with the packet, for example social networking, instant messaging, file sharing, or streaming. This allows Enterprises to accurately differentiate business-critical from non-critical applications, and enforce security and acceptable-use policies for applications in ways that make sense for the business.

This comprehensive application, content, and user identification provides full visibility into network activity, to allow intelligent control of network traffic. Visibility and control, partnered with advanced threat protection, together provide comprehensive online security.

What are Entities?

Before we begin to configure the NGFW, let's take a look at the building blocks that allow this advanced control of online network activity.

When the firewall is deciding how it should treat a traffic stream, among the questions it needs to ask are "where is the stream coming from?" and "where is it going to?"

To help answer those questions, the firewall needs to have a logical map of the network environment, so that it can categorize the sources and destinations of the flows that it is managing.

Allied Telesis NGFWs map out the network environment into regions, using three tiers of granularity. The divisions into which it cuts up its environment are referred to collectively as Entities. The three levels of granularity in the dividing up of the environment are Zones, Networks and Hosts. This hierarchy of Entities empowers organizations to accurately apply security policies at company, department or individual level.


Zones, networks, and hosts

A Zone is the highest level of division within the network, and defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of your network. A typical network environment might contain a public (WAN) zone representing the Internet, a private (LAN) zone behind the firewall, and a Demilitarized zone (DMZ) containing publicly accessible web servers. Zones are divided up into networks, which in turn contain hosts.

[Figure: Zone-LAN divided into Network-Sales and Network-Admin, containing the hosts Fred, Wilma, Barney and Betty; Wilma is in the Sales network.]

A Network is a logical grouping of hosts within a zone, for example, the sales network within the LAN zone. Networks consist of the IP subnets and interfaces over which they are reachable. The allocating of Networks to Zones is the core activity in dividing the network up into logical regions to which different security policies apply. A Zone has no real meaning in itself until it has one or more Networks allocated to it. Once Networks have been allocated to a Zone, the Zone is then the Entity that collectively represents that set of Networks. Then rules can be applied to the Zone as a whole, or to individual Networks within the Zone.

A Host is a single node in a network, for example, the PC of a specific employee. The diagram above shows PC Wilma is a host within the Sales network within the LAN zone. Host entities are defined so that specific rules can be applied to those particular Hosts - e.g. a server to which certain types of sessions may be initiated.


Using Rules

Rules allow the advanced control of users, and the applications they use on the network.

Firewall rules are used to filter traffic, allowing or denying, between any two entities. This allows for granular control, as rules can be based on traffic sources that might be zones, networks, or hosts, and traffic destinations that might be zones, networks, or hosts.

For example, an organization may choose to block Skype company-wide (i.e. from ANY zone to ANY zone), or allow it only for the marketing department (i.e. allow Skype from the Marketing network to ANY Zone, but block it from any other network, zone, or host).

Traffic shaping rules are used to control the bandwidth that applications use. For example, Spotify music streaming may be allowed, but limited in bandwidth due to an acceptable use policy ensuring company Internet connectivity is prioritized for business traffic.

Network Address Translation (NAT) rules are used to hide private network addresses for traffic bound for the Internet. All company traffic leaving the corporate office can share a public network address for routing through the Internet to its destination. The Firewall supports:

NAT with IP Masquerade, where private source addresses are mapped to a public source address with source port translation to identify the association. The single public IP address masquerades as the source IP on traffic from the private addresses as it goes out to the Internet.

Port Forwarding, to provide public access to internal servers. Port forwarding redirects traffic to a specific host, e.g. forwarding HTTP traffic to a web server in the DMZ.


Configuring the NGFW

This section describes how to configure:

1. A standard 3-zone network scenario as shown below

2. Rules to allow Update Manager to update the NGFW's components, see page 19

3. Advanced NGFW features - App Control and Web control, see page 22

4. Advanced threat protection features - IPS, IP Reputation, Malware Protection, and Antivirus, see page 27.

Part 1: Configure a standard 3-zone network

[Figure: the standard 3-zone network. Zone-Private contains Network-LAN (VLAN1) with the user hosts; Zone-DMZ contains Network-Servers (eth1) with an FTP host and a web server host; Zone-Public contains Network-Internet (eth2), which connects to the Internet.]

1. Configure NGFW interfaces.

To use the GUI, we need to add an IP address to an interface over which we will connect with our browser, once the GUI resource file has been loaded onto the NGFW.

We will also add IP addresses to the other interfaces that will be used in our network.

From the CLI, add the following interface addresses:

IP address for eth2:

awplus(config)#interface eth2
awplus(config-if)#ip address 128.0.0.1/24
awplus(config-if)#exit


IP address for eth1:

awplus(config)#interface eth1
awplus(config-if)#ip address 172.16.0.1/24
awplus(config-if)#exit

IP address for VLAN 1:

awplus(config)#interface vlan1
awplus(config-if)#ip address 192.168.1.1/24
awplus(config-if)#exit

2. Enable the Web server.

Enable HTTP so the NGFW will serve the GUI pages:

awplus(config)#service http

3. Log in to the NGFW GUI.

Browse to the IP address of the NGFW on the interface you are connecting to - e.g. 192.168.1.1 for VLAN1.

Note: The NGFW GUI currently supports the Firefox™ and Chrome™ web browsers.

The following login page is displayed:

The About the application link (located below the 'Sign in' button) provides some getting started help for using the GUI.

You can log in using any valid username/password combination that has been configured on the unit, or the default username/password (manager/friend), if that has not been deleted.


Once logged in you will be in the dashboard of the NGFW GUI.

The dashboard shows a number of useful widgets for monitoring the state of your firewall. We'll look closer at the various dashboard widgets later, after we've configured the firewall.

On the left-hand side of the page is the navigation bar, with options to view the Dashboard, or select Network or Security menus for configuration, or use System Tools.

The Network menu includes the forwarding database, and the ability to configure the NGFW as a DHCP server for the network. The System Tools menu includes Ping and Traceroute. Neither of these will be covered in this document, as we'll concentrate on setting up the firewall and security.


4. Configure Entities.

To configure the firewall, we'll first create entities to which rules can be applied. Select Entity Management under the Security menu.

A: As no entities have yet been created, click the + on the red circular button at the bottom right of the GUI window to add a Zone. The first zone we will add is the dmz zone to be used for company servers that we want to be accessible from the Internet.


B: Now we can click Add Network to add our servers network to the DMZ zone.

C: Click Add Subnet and add the subnet 172.16.0.0/24, and eth1 as the interface over which this network will be reachable.


D: We can now add specific hosts (servers in this case). Click Add Host to add the ftp server with an IP address of 172.16.0.2.

E: Add a second host named web-server with an IP address of 172.16.0.10.

F: We can now see our completed dmz zone, containing the servers network, with two hosts - ftp and web-server.


Use the same steps to create private and public zones/networks with the following details:

Private Zone:

Zone name = private

Network name = lan

Network subnet and interface = 192.168.1.0/24, VLAN1

Public Zone:

Zone name = public

Network name = internet

Network subnet and interface = 0.0.0.0/0, eth2

The completed Entity Management page will look like this:

If you'd like to view these changes as added to the NGFW configuration file, from the CLI use the commands show running-config entity and show entity.


Note the syntax that is used for identifying a Network or Host Entity.

The syntax for naming a Network Entity is:

<Parent Zone Name>.<Network Name>, for example, private.LAN

The syntax for identifying a Host Entity is:

<Parent Zone Name>.<Parent Network Name>.<Host Name>, for example, dmz.servers.ftp

So, the hierarchy is included in the identifier of a second-tier or bottom-tier Entity. For example, dmz.servers.web-server indicates that this host named web-server is part of the servers network within the dmz zone.

We now have a 3-zone network (Public, Private, and DMZ), so we can now configure the firewall rules to manage the traffic between these entities.

5. Configure firewall rules.

Navigate to Firewall under the Security menu item.

WARNING: Enabling the firewall with the Protect switch will block all applications between all entities by default - no traffic will flow. It is therefore important to create firewall rules to allow application usage as desired prior to enabling the firewall.


A: Click New and create a rule to allow Ping traffic from the Public zone to the Private zone. This will allow us to test connectivity through the firewall.

B: You can see the new rule added to the Firewall.

C: Create further new Firewall rules with these details:

Further Ping rules to allow connectivity checking:

Permit Ping from Public to DMZ

Permit Ping from Private to DMZ

Permit Ping from DMZ to Private


Allow Public traffic from the Internet to our DMZ servers:

Permit ftp from Public to dmz.servers.ftp

Permit http from Public to dmz.servers.web-server

Allow private side firewall zones to initiate traffic flows with each other and out to the Internet:

Permit Any from Private to Private

Permit Any from DMZ to DMZ

Permit Any from Private to Public

Permit Any from DMZ to Public

We can now see these Firewall rules displayed:

The firewall rules are displayed in the order they were created, which is also the order in which they will be actioned by the firewall. If you need to change the order of any specific rule, it can be dragged to a different location in the list.


D: Now that the firewall rules are created, we can enable the firewall with the Protect button, which will ask you to confirm if you wish to proceed.

If you'd like to use the CLI to view these changes added to the NGFW configuration, use the commands: show firewall rule, show running-config firewall and show firewall.

Note that the firewall rules are numbered in the order in which they will be actioned (e.g. 100, 200, 300 and so on). If a rule is dragged to a different location in the list displayed by the GUI, the rules will be renumbered to reflect the change in order of operation.


6. Configure NAT rules.

Now let's configure NAT rules to manage IP address translation between the Internet and our internal networks. NAT configuration will be available on the GUI soon. From the CLI, add the following NAT rules:

Rules for private to public address translation are:

Any traffic going from the Private Zone out to the Public Zone will have NAT applied, so that it appears to have come from the IP address of the eth2 interface.

Any traffic going from the DMZ Zone out to the Public Zone will have NAT applied, so that it appears to have come from the IP address of the eth2 interface.

awplus(config)#nat
awplus(config-nat)#rule 10 masq any from private to public
awplus(config-nat)#rule 20 masq any from dmz to public

Port forwarding rules are required to enable access to the Web and FTP servers to be delivered to the right destinations. To users in the Public zone, both servers will appear to have the IP address that is on the eth2 interface, so sessions towards those servers will be initiated to that address. The NGFW must then forward those sessions to the actual addresses of the servers. The rules to achieve this forwarding are:

awplus(config-nat)#rule 30 portfw ftp from public with dst dmz.servers.ftp
awplus(config-nat)#rule 40 portfw http from public with dst dmz.servers.web-server

Enable NAT:

awplus(config-nat)#enable

Use the show nat rule command to see the newly created rules.
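The entity naming syntax, the step 5 firewall rules and the step 6 NAT rules, modelled together as an added example (this is not Allied Telesis code and not how the NGFW implements them): it classifies an address into zone.network.host, walks the rules in creation order with first match winning and default deny once Protect is on, and applies port forwarding and masquerading around the rule lookup. Treating the eth2 address 128.0.0.1 as the public address, classifying by the most specific subnet, and running port forwarding before the rule lookup and masquerading after it are assumptions.

```python
"""Model of the guide's entities, first-match firewall rules and NAT rules
(added example, not the NGFW's implementation). Assumed: the most specific
subnet classifies an address, port forwarding runs before the rule lookup
and masquerading after it, and eth2's step-1 address is the public address."""
import ipaddress
from collections import namedtuple

PUBLIC_ADDR = "128.0.0.1"  # eth2 address configured in step 1
# Constructed entity map: zone -> network -> (subnet, interface, hosts)
ENTITIES = {
    "private": {"lan": ("192.168.1.0/24", "vlan1", {})},
    "dmz": {"servers": ("172.16.0.0/24", "eth1",
                        {"ftp": "172.16.0.2", "web-server": "172.16.0.10"})},
    "public": {"internet": ("0.0.0.0/0", "eth2", {})},
}

def locate(ip):
    """(zone, network, host) of an address, by most specific subnet."""
    addr = ipaddress.ip_address(ip)
    best = None
    for zone, nets in ENTITIES.items():
        for name, (subnet, _iface, hosts) in nets.items():
            net = ipaddress.ip_network(subnet)
            if addr in net and (best is None or net.prefixlen > best[0]):
                host = next((h for h, hip in hosts.items()
                             if ipaddress.ip_address(hip) == addr), None)
                best = (net.prefixlen, zone, name, host)
    if best is None:
        raise ValueError(f"{ip} belongs to no entity")
    return best[1:]

def in_entity(entity, ip):
    """Match an address against 'dmz', 'private.lan' or 'dmz.servers.ftp'."""
    parts = entity.lower().split(".")
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"bad entity identifier {entity!r}")
    return all(p == q for p, q in zip(parts, locate(ip)))

# Step 5 firewall rules in creation order (app "any" matches everything).
Rule = namedtuple("Rule", "action app src dst")
FIREWALL_RULES = [
    Rule("permit", "ping", "public", "private"),
    Rule("permit", "ping", "public", "dmz"),
    Rule("permit", "ping", "private", "dmz"),
    Rule("permit", "ping", "dmz", "private"),
    Rule("permit", "ftp", "public", "dmz.servers.ftp"),
    Rule("permit", "http", "public", "dmz.servers.web-server"),
    Rule("permit", "any", "private", "private"),
    Rule("permit", "any", "dmz", "dmz"),
    Rule("permit", "any", "private", "public"),
    Rule("permit", "any", "dmz", "public"),
]

def numbered(rules):
    """Number rules 100, 200, ... in list order, as the GUI does after a drag."""
    return [(100 * (i + 1), r) for i, r in enumerate(rules)]

def evaluate(app, src_ip, dst_ip, rules=FIREWALL_RULES, protect=True):
    """First matching rule wins; with Protect on, unmatched traffic is
    dropped, while before the firewall is enabled everything flows."""
    for number, r in numbered(rules):
        if (r.app in ("any", app) and in_entity(r.src, src_ip)
                and in_entity(r.dst, dst_ip)):
            return r.action, number
    return ("deny", None) if protect else ("permit", None)

# Step 6 NAT rules: dst is the "to" zone (masq) or "with dst" host (portfw).
NatRule = namedtuple("NatRule", "number kind app src dst")
NAT_RULES = [
    NatRule(10, "masq", "any", "private", "public"),
    NatRule(20, "masq", "any", "dmz", "public"),
    NatRule(30, "portfw", "ftp", "public", "dmz.servers.ftp"),
    NatRule(40, "portfw", "http", "public", "dmz.servers.web-server"),
]

def host_address(entity):
    zone, net, host = entity.lower().split(".")
    return ENTITIES[zone][net][2][host]

def process(app, src_ip, dst_ip):
    """Port-forward, look up the rules, then masquerade a new flow."""
    for n in NAT_RULES:  # DNAT: sessions to the eth2 address reach the server
        if (n.kind == "portfw" and n.app in ("any", app)
                and dst_ip == PUBLIC_ADDR and in_entity(n.src, src_ip)):
            dst_ip = host_address(n.dst)
            break
    action, number = evaluate(app, src_ip, dst_ip)
    if action == "permit":  # SNAT only for traffic the firewall lets through
        for n in NAT_RULES:
            if (n.kind == "masq" and n.app in ("any", app)
                    and in_entity(n.src, src_ip) and in_entity(n.dst, dst_ip)):
                src_ip = PUBLIC_ADDR
                break
    return {"action": action, "rule": number, "src": src_ip, "dst": dst_ip}

if __name__ == "__main__":  # forwarded to web-server, dropped, masqueraded
    for flow in [("http", "203.0.113.5", PUBLIC_ADDR), ("ssh", "203.0.113.5",
                 PUBLIC_ADDR), ("http", "192.168.1.20", "198.51.100.7")]:
        print(flow, "->", process(*flow))
```

The second sample flow shows the WARNING in step 5 in action: once Protect is on, an application with no permitting rule is dropped even when it is addressed to the public interface.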


7. Save configuration changes.

The configuration we have made so far is part of the running-config on the NGFW.

Save these configuration changes to make them part of the boot configuration, so they can be backed up and will survive a reboot of the NGFW.

Click the red Management button on the top bar of the GUI, and click Save Settings, which is coloured red to show there is unsaved configuration.

Part 2: Configure the NGFW for Update Manager

Modern security devices require regular updates to keep rule-sets and threat signature databases up to date, ensuring effective protection for business networks. Features such as IP Reputation, Malware Protection, and Antivirus (which we'll configure in parts 3 and 4), monitor network traffic and detect malicious activity in real-time by comparing the threats' characteristics and patterns against known lists and databases.

The leading security providers employed by the NGFW, such as Kaspersky and Emerging Threats, keep their databases regularly updated with the very latest threat signatures, so security scanning of firewall traffic catches the latest malicious threats. The NGFW utilizes Update Manager to contact the Allied Telesis update server and download the latest components at pre-defined intervals, or at specific user request.

1. Create appropriate entities.

Configuration of entities and rules is required to allow connectivity between Update Manager and the Update Server.

The retrieval of files using Update Manager involves sessions that are initiated from the NGFW unit itself. This means that Firewall Rules are required that permit these sessions. So, a Zone needs to be created that represents the NGFW itself, and the public interface of the NGFW has to exist as a host within this zone.


Create zone/network/host entities for Update Manager source traffic with the following details:

Zone name = Router

Network name = External

Network subnet and interface = 192.168.52.0/24, Eth2

Host name = External_Int

Host IP address = 192.168.52.20/24

The updated entity page will look like this:

2. Create firewall rules for update manager traffic.

Update Manager uses HTTPS for secure connectivity, so we'll create a firewall rule with the following details to allow HTTPS traffic out to the update server.


Also create a rule to allow DNS resolution of the update server's URL.

These new rules can be seen added to the firewall rule set.

3. Save configuration changes.

Once again click the red Management button on the GUI top bar, and click Save Settings as shown in the capture above to save the Update Manager configuration to the boot configuration file.


Part 3: Configure NGFW license security features

Online business activity is now based around applications that enable people to interact with services such as collaborative document creation, social networking, video conferencing, cloud-based storage, and much more. Organizations need to be able to control the applications that their people use, and how they use them, as well as managing website traffic.

Allied Telesis NGFWs are application aware, and so provide the visibility and control necessary to safely navigate the increase in online applications and web traffic that are used for effective business today.

The NGFW feature license includes Application Control and Web Control. The NGFW feature license is available in 1, 3, and 5 year subscriptions. Once the license has been activated on the NGFW with the CLI license command, you can see the expiry date in the System Information widget on the dashboard.

[Screenshot: the System Information dashboard widget, showing the license expiry date.]


Application Control

The Deep Packet Inspection (DPI) firewall engine allows fine-grained application control. Reliable identification of the individual applications means that rules can be established to govern application use, and to enforce security and acceptable use policies. For example, Skype chat may be allowed company wide, while Skype video calls can only be made by the sales department.

1. Configure application control.

Navigate to the App Control configuration page under Security. Click on the switch to enable App Control, and select the provider and update interval.

Application Control uses the Procera Networks application visibility library to identify thousands of individual applications. The NGFW will update the library from the Allied Telesis update server (as configured in Part 2) at the specified interval to ensure the latest applications are known.

2. Add rules to manage applications.

You can now create Firewall or Traffic Shaping rules to manage how applications are allowed to be used on the network.


For example, to block the use of Spotify™ (a music streaming service) company-wide, create a firewall rule denying the Spotify application from the Public (Internet) zone to the Private (LAN) zone.

3. Save configuration changes.

Save the Application Control configuration changes to make them part of the boot configuration.

Web Control

Web Control provides Enterprises with an easy means to monitor and control their employees' web traffic for productivity, legal and security purposes. Utilizing Digital Arts' active rating system for comprehensive and dynamic URL coverage, websites are accurately assigned into around 100 categories, which can be allowed or blocked.

When a user tries to browse to a website, the HTTP request is intercepted and sent to the classifier engine, which queries Digital Arts' constantly updated URL database for the category that the website belongs to. Once a particular URL has been categorized, the result is cached in the NGFW so that any subsequent requests with the same URL can be immediately processed.

Navigate to the Web Control configuration page under Security.

Click on the switch to enable Web Control.

Select the provider and default action (for web pages that do not match any rules).

The Web Control feature has its own set of rules, which are separate from the Firewall rules. The Web Control rules are created on the Web Control configuration page.

1. Configure Web control.

2. Add rules to manage website categories.


To block gambling websites, for example, create a rule applied to the Internet network.

You can see the new rule applied to the Internet network in the Public zone.

Save the Web Control configuration changes to make them part of the boot configuration file.

3. Save configuration changes.
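The request handling described above (intercept, classify, cache the result, then apply Web Control rules with a default action) is modelled below as an added example; it is not code from this guide or from Allied Telesis. The provider lookup is a constructed stand-in for the Digital Arts rating service (a small dictionary plus a call counter, so the effect of the category cache is visible). Hostnames, categories, rule IDs and the network name "internet" are constructed.

```python
"""Web Control request handling: classify the URL, cache the result, apply rules.

Added example; not code from the guide or from Allied Telesis. The provider
lookup is a constructed stand-in for the Digital Arts rating service (a small
dictionary plus a call counter, so the effect of the NGFW's category cache is
visible). Hostnames, categories, rule IDs and the network name are constructed.
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for the provider's URL database: hostname -> category.
PROVIDER_DB = {
    "casino.example": "gambling",
    "news.example": "news",
    "mail.example": "webmail",
}
PROVIDER_CALLS = {"count": 0}   # how many times the (slow, remote) classifier was asked


def provider_classify(host: str) -> str:
    """Stand-in for querying the provider's rating service."""
    PROVIDER_CALLS["count"] += 1
    return PROVIDER_DB.get(host, "uncategorized")


class WebControl:
    """Rules are (rule_id, action, category, network); the lowest matching ID wins.
    Requests matching no rule get default_action, the GUI's 'default action'."""

    def __init__(self, rules: List[Tuple[int, str, str, str]], default_action: str = "permit"):
        self.rules = sorted(rules, key=lambda r: r[0])
        self.default_action = default_action
        self.cache: Dict[str, str] = {}   # URL -> category, as the guide describes

    def classify(self, url: str) -> str:
        """Return the category for url, asking the provider only on a cache miss."""
        if url not in self.cache:
            host = (urlsplit(url).hostname or "").lower()
            self.cache[url] = provider_classify(host)
        return self.cache[url]

    def decide(self, url: str, network: str) -> Tuple[str, Optional[int], str]:
        """Intercepted request -> (action, matching rule ID or None, category)."""
        category = self.classify(url)
        for rule_id, action, rule_cat, rule_net in self.rules:
            if rule_cat == category and rule_net == network:
                return action, rule_id, category
        return self.default_action, None, category


def run_sample() -> Dict[str, object]:
    """Process a constructed sequence of requests through a policy that blocks
    gambling on the Internet network, and report decisions and provider calls."""
    policy = WebControl([(10, "deny", "gambling", "internet")], default_action="permit")
    before = PROVIDER_CALLS["count"]
    decisions = [
        policy.decide("http://casino.example/lobby", "internet"),
        policy.decide("http://casino.example/lobby", "internet"),   # cache hit: no second lookup
        policy.decide("http://news.example/today", "internet"),
        policy.decide("http://unknown.example/", "internet"),
    ]
    return {"decisions": decisions, "provider_calls": PROVIDER_CALLS["count"] - before}


if __name__ == "__main__":
    result = run_sample()
    for decision in result["decisions"]:
        print(decision)
    print("provider lookups:", result["provider_calls"])   # 3: the repeated URL came from the cache
```

With the default action set to deny instead of permit, the uncategorized request in the sample is blocked; that is the setting to choose where only explicitly allowed categories should pass.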


Part 4: Configure licensed Advanced Threat Protection (ATP) security features

The fundamental shift to sophisticated application use has provided businesses with increased efficiency and improved collaboration, along with new ways to manage customer interaction. However, this has also opened the door for greater security concerns. Business data is potentially vulnerable, and the rapid development of new services has introduced new types of cyber threats.

Allied Telesis NGFWs provide comprehensive threat protection, utilizing security engines and threat signature databases from the industry's leading vendors, with regular updates to ensure up-to-the-minute protection against cyber attacks.

Intrusion Prevention System (IPS) is provided free on the NGFWs, while the Advanced Threat Protection (ATP) license adds IP Reputation, Malware Protection, and Antivirus (note that currently Antivirus is only available on the AR4050).

The ATP license (like the NGFW license) is available in 1, 3, and 5 year subscriptions. Once the license has been activated on the NGFW with the CLI 'license' command, you can see the expiry date in the System Information widget on the dashboard, as shown in "System information" on page 22.


Intrusion Prevention System

IPS monitors inbound and outbound traffic as the first line of defense, and identifies suspicious or malicious traffic in real time by comparing it against a database of known IPS signatures.

Navigate to the Intrusion Prevention System (IPS) configuration page under Security.

Click the switch at the top right of the page to enable IPS.

Threats are grouped into categories, for example suspicious web traffic (HTTP) or email traffic (SMTP). For any threat detected in each of these categories, the engine can be set to log the threat (the default action), ignore it, or deny it, which drops the matching packets.

To drop suspicious SMTP traffic, set the action for the SMTP category to block (deny).

1. Enable IPS.

2. Configure IPS actions.


Save the IPS configuration changes to make them part of the boot configuration file.

3. Save configuration changes.

IP Reputation

IP Reputation provides comprehensive IP reputation lists through Emerging Threats' IQRisk™, which identifies and categorizes IP addresses that are sources of spam, viruses and other malicious activity. With real-time threat analysis and regular updates to the reputation lists, IP Reputation keeps protection against hazardous hosts up to date.

Navigate to the IP Reputation Configuration page under Security.

Click the switch to enable IP Reputation (Protect).

Select Emerging-threats as the Provider.

Set an Update interval to contact the Update Server for IP Reputation list updates.


1. Enable IP reputation.


IP Reputation uses categories to classify the nature of a host's bad reputation. For example, IP addresses known to be sources of spam are added to the Spam category.

For any category, IP Reputation can be set to log the threat (the default action), ignore it, or block (drop) the matching packets.

To drop traffic from hosts known as sources of spam, set the Spam category to Block.

To see the changes added to the running configuration, use the CLI command show running-config ip-reputation.

Save the IP Reputation configuration changes to be part of the boot configuration file.

2. Configure IP reputation categories.

3. Save configuration changes.
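Both the IPS section and the IP Reputation section above attach one of three actions to each threat category: log (the default for every category you have not changed), ignore, or deny/block. The following added example, which is not code from this guide or from Allied Telesis, applies such a per-category action table to a constructed stream of detection events for each feature, so the effect of each setting is visible. In this model a dropped packet also produces a log line; the guide describes deny only as dropping the matching packets, so that logging is an assumption of the example. Category names, addresses and event text are constructed.

```python
"""Per-category threat actions (log / ignore / deny) as used by IPS and IP Reputation.

Added example; not code from the guide or from Allied Telesis. Both features
attach one of three actions to each threat category, with 'log' as the default
for categories that have not been set. This model applies such a table to a
constructed stream of detection events. Assumption: a dropped packet is also
logged here; the guide only says that 'deny' drops the matching packets.
Category names, addresses and event text are constructed.
"""
from typing import Dict, Iterable, List, Optional, Tuple

DEFAULT_ACTION = "log"
VALID_ACTIONS = {"log", "ignore", "deny"}


class CategoryPolicy:
    def __init__(self, overrides: Optional[Dict[str, str]] = None):
        self.actions: Dict[str, str] = {}
        for category, action in (overrides or {}).items():
            self.set_action(category, action)

    def set_action(self, category: str, action: str) -> None:
        # The GUI labels the drop action "Block" in places; treat it as deny.
        if action == "block":
            action = "deny"
        if action not in VALID_ACTIONS:
            raise ValueError(f"unknown action {action!r}; expected one of {sorted(VALID_ACTIONS)}")
        self.actions[category] = action

    def action_for(self, category: str) -> str:
        # Categories never configured keep the default (log), as the GUI does.
        return self.actions.get(category, DEFAULT_ACTION)

    def apply(self, events: Iterable[Tuple[str, str, str]]) -> Dict[str, object]:
        """events: (category, source_ip, description). Returns counts of forwarded
        and dropped packets plus the log lines that would be written."""
        forwarded = dropped = 0
        log: List[str] = []
        for category, src, text in events:
            action = self.action_for(category)
            if action == "deny":
                dropped += 1
                log.append(f"DROP {category} from {src}: {text}")
            elif action == "log":
                forwarded += 1
                log.append(f"ALERT {category} from {src}: {text}")
            else:  # ignore: forward silently, nothing recorded
                forwarded += 1
        return {"forwarded": forwarded, "dropped": dropped, "log": log}


# Constructed IPS events and the guide's setting: drop suspicious SMTP, log the rest.
IPS_EVENTS = [
    ("smtp", "198.51.100.7", "malformed MAIL FROM"),
    ("http", "198.51.100.9", "suspicious user-agent"),
    ("smtp", "198.51.100.7", "oversized header"),
]
IPS_POLICY = CategoryPolicy({"smtp": "deny"})

# Constructed IP Reputation events: the Spam category is blocked, p2p is ignored,
# and scanner keeps the default of logging.
REPUTATION_EVENTS = [
    ("spam", "203.0.113.50", "listed spam source"),
    ("scanner", "203.0.113.60", "known port scanner"),
    ("p2p", "203.0.113.70", "listed p2p node"),
]
REPUTATION_POLICY = CategoryPolicy({"spam": "block", "p2p": "ignore"})

if __name__ == "__main__":
    for line in IPS_POLICY.apply(IPS_EVENTS)["log"] + REPUTATION_POLICY.apply(REPUTATION_EVENTS)["log"]:
        print(line)
```

Ignored categories produce no log line at all, so use ignore only for categories you have confirmed are noise; leaving a category at the default of log keeps the evidence while you assess whether to block it.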


Malware Protection

Malware Protection is a stream-based, high performance technology to protect against the most dangerous cyber threats. By considering threat characteristics and patterns with heuristic analysis, unknown zero-day attacks can be prevented, along with server-side malware, web-borne malware, and other attack types. Detection covers all types of traffic passing through the NGFW, including web, email and instant messaging; any malware found is blocked.

The Kaspersky anti-malware signature database is updated regularly to keep on top of the latest attack mechanisms.

Navigate to the Malware Protection configuration page under Security.

Click the switch to enable Malware Protection, and select Kaspersky as the provider.

Set an Update Interval to contact the Update Server for updates to the malware signature database.

Save the Malware Protection configuration changes so they become part of the boot configuration file.

1. Configure Malware protection.

2. Save configuration changes.


Antivirus

The NGFW's proxy-based antivirus guards against threats such as viruses, Trojans, worms, spyware, and adware. In addition to protecting the local network by blocking threats embedded in inbound traffic, it also prevents compromised hosts or malicious users from launching attacks. This is essential for protecting business reputation and minimizing business disruption.

Using the Kaspersky Antivirus engine, the signature database containing known threat patterns is regularly updated.

Navigate to the Antivirus configuration page under Security.

Click the switch to enable Antivirus, select Kaspersky as the provider, and set an interval to contact the Update Server for updates to the Antivirus signature database.

Save the Antivirus configuration changes to make them part of the boot configuration file.

1. Configure antivirus.

2. Save configuration changes.


The Dashboard

Now that we have configured the firewall, application control, web control, and threat protection features, let's take a look at the dashboard of the GUI and the information provided in its various widgets.

Currently there are System Information and System Environment widgets that display details about the NGFW settings and its health. The Firewall and Interface Traffic widgets show traffic through the device, and the Top Ten Apps widget shows the applications using the most bandwidth through the firewall.

System Information

Shows details of the NGFW, software, configuration, uptime, licenses and so on.


System Environment

System Environment shows CPU and memory usage, as well as environmental status.


Interface Traffic

Interface Traffic shows traffic passing through a chosen interface in both directions over a 24 hour period.

The zoom function allows a closer look at a time period of interest to see where peak traffic occurs.


Firewall Traffic

Firewall Traffic shows traffic passing through the firewall over a 24 hour period. The zoom function once again allows a closer look at a chosen time period.

Top Ten Apps

The Top Ten Apps widget shows the applications using the most bandwidth through the firewall. The Others option lets you drill down to the next 10 apps, while the back button returns you to the previous, higher-ranked list of apps.

C613-16192-00 REV A

North America Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895

Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830

EMEA & CSA Operations | Incheonweg 7 | 1437 EK Rozenburg | The Netherlands | T: +31 20 7950020 | F: +31 20 7950021

alliedtelesis.com

© 2015 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.